nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0

[FEATURE]: Whitelisting based on IP address: MatchZones #406

Closed vishnupradeepkumar closed 6 years ago

vishnupradeepkumar commented 6 years ago

Hi all,

Hope you're all doing well and thanks for the awesome module. I've been using the module for some of our projects for some time. However, one thing that constantly bugs me is the need for IP based white-listing rules. This is mostly because of getting blocked myself, and manually turning on learning mode and generating a whitelist.

Also, I've been trying out different combinations of the MatchZones to make the IP excluded from NAXSI completely, but wasn't successful. So something like parsing visitor IP and making MatchZones like: $IP_ADDR or $IP_ADDR_VAR is what I can think of. Of course, I believe the visitor IP has to be available from $HEADER too.

Now this could be me coming from a webhosting background and managing all access IP based, but if this is a wrong approach, please do let me know why.

buixor commented 6 years ago

Hello,

I guess you should use https://github.com/nbs-system/naxsi/wiki/runtime-modifiers
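An added example, not part of the thread and not the project's own configuration: one way the runtime modifiers linked above can give a single address different NAXSI treatment. The addresses (documentation ranges), the rules path, the backend and the `/RequestDenied` location are constructed placeholders, and the `set_real_ip_from` lines assume nginx was built with `ngx_http_realip_module`.

```nginx
http {
    include /etc/nginx/naxsi_core.rules;    # assumed path to the NAXSI core rules

    # Only relevant behind a reverse proxy, where $remote_addr would otherwise
    # be the proxy's address. The header is accepted from the proxy alone,
    # because any client can send an arbitrary X-Forwarded-For value.
    set_real_ip_from 192.0.2.1;             # constructed proxy address
    real_ip_header   X-Forwarded-For;

    server {
        listen 80;

        location / {
            SecRulesEnabled;
            DeniedUrl "/RequestDenied";
            CheckRule "$SQL >= 8" BLOCK;
            CheckRule "$XSS >= 8" BLOCK;

            # Runtime modifier: requests from this one address are handled in
            # learning mode (scored and logged, not blocked). Everyone else
            # stays in blocking mode.
            if ($remote_addr = "203.0.113.10") {    # constructed admin address
                set $naxsi_flag_learning 1;
                # To skip NAXSI entirely for this address instead:
                # set $naxsi_flag_enable 0;
            }

            proxy_pass http://127.0.0.1:8080;       # constructed backend
        }

        location /RequestDenied {
            return 403;
        }
    }
}
```

Learning mode for the exempted address keeps its requests in the NAXSI log, so the exemption stays visible, whereas disabling the module for it removes that record.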